<template>
  <div class="flex flex-col">
    <header id="section-hero-wrapper" class="section overflow-hidden">
      <div class="secondary-nav-wrap pointer-events-none"></div>
      <div id="section-hero" class="container flex max-width-1920">
        <div
          id="hero-col"
          class="
            flex
            direction-vertical
            align-center
            margin-0-auto
            text-align-center
            max-width-1060
          "
        >
          <h1 class="h large mb-20 listen-color-theme">Security</h1>
          <p class="p large listen-color-theme">
            Smartlight is critical infrastructure for our customers. We go to
            great lengths to protect the security of your account, your data,
            and your users. We are SOC 2 Type 2 compliant. Download our SOC 3
            report
            <a
              href="https://assets-global.website-files.com/6050a76fa6a633d5d54ae714/625fcc1efff642504d906738_Smartlight%20-%202022%20Type%202%20SOC%203%20-%20Report.pdf"
              class="link"
              >here</a
            >. Learn how to
            <a
              href="https://www.smartlight.com/platform/disclosure"
              class="link"
              >report a security concern</a
            >.
          </p>
        </div>
      </div>
    </header>
    <main class="main">
      <section class="section bg-blue-5">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Account security</h2>
            <p class="p large listen-color-theme">
              We serve our website exclusively via HTTPS, and serve all our APIs
              over HTTPS by default. We offer two-factor authentication for
              logins to help you protect your account, and we let you create
              multiple customizable access tokens for granular control over
              access to your account resources.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Physical security</h2>
            <p class="p large listen-color-theme">
              Our infrastructure runs inside data centers designed and operated
              by
              <a href="https://aws.amazon.com/security/" class="link"
                >Amazon Web Services</a
              >
              (AWS). AWS data centers feature state of the art environmental
              security controls to safeguard against fires, power loss, and
              adverse weather conditions. Physical access to these facilities is
              highly restricted and they are monitored by professional security
              personnel. Our offices are equipped with access control, intrusion
              detection, and video surveillance systems.
            </p>
          </div>
        </div>
      </section>
      <section class="section bg-blue-5">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Software security</h2>
            <p class="p large listen-color-theme">
              Our systems run the latest stable versions of Ubuntu or Amazon
              Linux and our applications run on the latest stable version of
              Node.js. We monitor documented threats from public security
              research databases (such as the
              <a href="https://cve.mitre.org/" class="link"
                >Common Vulnerabilities and Exposures catalog</a
              >), and we run automated vulnerability scanners at regular
              intervals across our infrastrcure and before each deploy. Our
              developers receive training for secure software development,
              including
              <a href="https://www.owasp.org/" class="link"
                >Open Web Application Security Project</a
              >
              guidelines. All major code changes are subject to a multi-point
              code review with specific attention paid to security.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">DDoS mitigation</h2>
            <p class="p large listen-color-theme">
              Maps and location can be politically charged subjects. We maintain
              firewalls on our edge servers and origin load balancers to protect
              against bandwidth and protocol-based attacks, and we use
              intelligent web application firewalls and elastic scaling of our
              compute capacity to mitigate attacks at the application layer,
              including complex and evolving attacks.
            </p>
          </div>
        </div>
      </section>
      <section class="section bg-blue-5">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Data security</h2>
            <p class="p large listen-color-theme">
              All customer data is stored with at least dual redundancy and
              we've designed our storage solution for 99.999999999% long term
              durability. All Smartlight accounts come with built-in
              encryption-at-rest. We store and secure Mobile Telemetry in a
              <a href="https://www.smartlight.com/telemetry/" class="link"
                >dedicated pipeline</a
              >.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Private maps</h2>
            <p class="p large listen-color-theme">
              From raster imagery from a drone to GPS traces from a fleet of
              vehicles, data uploaded by Enterprise users can be secured with
              private maps. New maps are private by default and existing maps
              can be made private with a single click. Access tokens provide a
              powerful way to control permissions: in our management interface,
              users can create, revoke, and monitor the usage of resources based
              on tokens.
            </p>
          </div>
        </div>
      </section>
      <section class="section bg-blue-5">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Employee access</h2>
            <p class="p large listen-color-theme">
              From raster imagery from a drone to GPS traces from a fleet of
              vehicles, data uploaded by Enterprise users can be secured with
              private maps. New maps are private by default and existing maps
              can be made private with a single click. Access tokens provide a
              powerful way to control permissions: in our management interface,
              users can create, revoke, and monitor the usage of resources based
              on tokens.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Logging</h2>
            <p class="p large listen-color-theme">
              We log activity across our platform, from individual API requests
              to infrastructure configuration changes. Logs are aggregated for
              monitoring, analysis, and anomaly detection and archived in
              vaulted storage. We implement measures to detect and prevent log
              tampering or interruptions.
            </p>
          </div>
        </div>
      </section>
      <section class="section bg-blue-5">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Payment processing</h2>
            <p class="p large listen-color-theme">
              We process payments with
              <a href="https://stripe.com/help/security" class="link">Stripe</a
              >, which has been audited by a
              <a
                href="https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard"
                class="link"
                >Payment Card Industry Standard-certified</a
              >
              auditor, and is certified to PCI Service Provider Level 1. This is
              the most stringent level of PCI DSS certification available.
              Payment information is transmitted directly to Stripe via HTTPS
              for secure storage and is never transmitted to or stored on
              Smartlight servers.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="container">
            <h2 class="h _2 mb-20 listen-color-theme">Regular audits</h2>
            <p class="p large listen-color-theme">
              We conduct regular internal security audits and work with external
              auditors to review our hardware, software, and physical security
              configurations. We are SOC 2 Type 2 compliant. Download our SOC 3
              report
              <a
                href="https://assets-global.website-files.com/6050a76fa6a633d5d54ae714/625fcc1efff642504d906738_Smartlight%20-%202022%20Type%202%20SOC%203%20-%20Report.pdf"
                class="link"
                >here</a
              >. Our
              <a
                href="https://www.smartlight.com/platform/disclosure/"
                class="link"
                >security vulnerability program</a
              >
              rewards users and security researchers who find issues with our
              software and web services. If we discover a vulnerability, we
              follow a formal incident response framework to ensure rapid
              mitigation and transparent customer communication.
            </p>
          </div>
        </div>
      </section>
      <section class="section">
        <div class="container">
          <div class="cta-banner">
            <h2 class="h _2 listen-color-theme mb-16">Ready to get started?</h2>
            <p class="p large listen-color-theme mb-24 max-width-800">
              Create an account or talk to one of our experts.<br />
            </p>
            <div
              id="cta-buttons-grid"
              class="w-layout-grid grid _1-row l_1-col"
            >
              <a @click="$router.push('/reg')" class="button w-button"
                >Sign up for free</a
              >
            </div>
          </div>
        </div>
      </section>
    </main>
  </div>
</template>

<script>
export default {};
</script>

<style>
@import "./security.css";
</style>